Installation guide

Chapter 2. The proc File System
threads-max — Sets the maximum number of threads to be used by the kernel, with a default
value of 2048.
version — Displays the date and time the kernel was last compiled. The first field in this file, such
as #3, relates to the number of times a kernel was built from the source base.
The random directory stores a number of values related to generating random numbers for the kernel.
2.3.9.4. /proc/sys/net/
This directory contains assorted directories concerning various networking topics. Which directories
are available here depends on the configuration chosen at the time of kernel compilation; examples
are appletalk, ethernet, ipv4, ipx, and ipv6. Within these directories, you can adjust the assorted
networking values for that configuration on a running system.
Given the wide variety of possible networking options available with Linux and the great amount of
space required to discuss them, only the most common /proc/sys/net/ directories will be discussed.
The core directory contains a variety of settings that control the interaction between the kernel and
networking layers. The most important files there are:
message_burst — The amount of time in tenths of a second required to write a new warning
message. This is used to prevent Denial of Service (DoS) attacks. The default setting is 50.
message_cost — Also used to prevent DoS attacks by placing a cost on every warning message.
The higher the value of this file (default of 5), the more likely the warning message will be ignored.
The idea of a DoS attack is to bombard your system with requests that generate errors and fill up
disk partitions with log files or require all of your system’s resources to handle the error logging.
The settings in message_burst and message_cost are designed to be modified based on your
system’s acceptable risk versus the need for comprehensive logging.
netdev_max_backlog — Sets the maximum number of packets allowed to queue when a particular
interface receives packets faster than the kernel can process them. The default value for this
file is 300.
optmem_max — Configures the maximum ancillary buffer size allowed per socket.
rmem_default — Sets the receive socket buffer’s default size in bytes.
rmem_max — Sets the receive socket buffer’s maximum size in bytes.
wmem_default — Sets the send socket buffer’s default size in bytes.
wmem_max — Sets the send socket buffer’s maximum size in bytes.
The /ipv4 directory contains additional networking settings. Many of these settings, used in
conjunction with one another, are very useful in preventing attacks on the system or when using
the system to act as a router.
Caution
An erroneous change to these files may affect your remote connectivity to the system.
Here are some of the most important files in the /proc/sys/net/ipv4/ directory:
icmp_destunreach_rate, icmp_echoreply_rate, icmp_paramprob_rate and
icmp_timeexceed_rate — Set the maximum ICMP send packet rate, in hundredths of a second,
to hosts under certain conditions. A setting of 0 removes any delay and is not a good idea.
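The check below is an added example, not part of the original guide: a POSIX shell function that reads the core and ipv4 files described above, compares them with the defaults this section lists, and flags any ICMP rate file set to 0. The function names and the optional root-directory argument are assumptions of the example; files that do not exist on a given kernel are skipped.

```shell
#!/bin/sh
# Added example (not from the guide). NET_ROOT, check_tunable and
# audit_net_tunables are names chosen here.
# Usage: audit_net_tunables [root]   (root defaults to /proc/sys/net)

# check_tunable FILE GUIDE_DEFAULT RULE
#   GUIDE_DEFAULT: default value stated in the guide, or "" if none is given
#   RULE: "nozero" flags a value of 0, which the guide advises against
check_tunable() {
    file=$1; default=$2; rule=$3
    name=${file#"$NET_ROOT"/}
    if [ ! -r "$file" ]; then
        # Which files exist depends on kernel version and build options.
        echo "SKIP $name (not present)"
        return 0
    fi
    value=$(awk 'NR==1 { print $1 }' "$file")
    if [ "$rule" = nozero ] && [ "$value" = 0 ]; then
        echo "WARN $name = 0 (no delay between ICMP sends)"
        return 1
    fi
    if [ -n "$default" ] && [ "$value" != "$default" ]; then
        echo "NOTE $name = $value (guide default: $default)"
    else
        echo "OK   $name = $value"
    fi
    return 0
}

audit_net_tunables() {
    NET_ROOT=${1:-/proc/sys/net}
    warnings=0
    # Logging rate limits and receive backlog, with the defaults listed above.
    check_tunable "$NET_ROOT/core/message_burst" 50 "" || warnings=$((warnings + 1))
    check_tunable "$NET_ROOT/core/message_cost" 5 "" || warnings=$((warnings + 1))
    check_tunable "$NET_ROOT/core/netdev_max_backlog" 300 "" || warnings=$((warnings + 1))
    # ICMP send rates; the kernel spells the last file icmp_timeexceed_rate.
    for f in icmp_destunreach_rate icmp_echoreply_rate \
             icmp_paramprob_rate icmp_timeexceed_rate; do
        check_tunable "$NET_ROOT/ipv4/$f" "" nozero || warnings=$((warnings + 1))
    done
    # Exit status is 0 only when nothing was flagged.
    [ "$warnings" -eq 0 ]
}
```

Passing a directory other than /proc/sys/net lets the function be exercised against a constructed tree of files before it is pointed at a live system.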